Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACE module RBAC

Good day.

I have a question about RBAC on Cisco ACE.

Is it a possible create user role, whitch allowed monitor serverfarm state ("show serverfarm xxx" {detail} command), but restrict "show running/startup config" commands?

Configuration like following did not work (show commands not available):

role tst

    rule 1 permit monitor feature serverfarm

    rule 2 deny monitor

However Virtual Configuration Guide said ''The rule number determines the order in which the ACE applies the rules, with a higher-numbered rule applied after a lower-numbered rule''.

So it is possible to accomplished?

Everyone's tags (1)
1 REPLY
Bronze

ACE module RBAC

Hello Anatoliy-

  Show run is permitted for all roles,/features, there is no way to disable it.

Regards,

  Chris Higgins

448
Views
0
Helpful
1
Replies
CreatePlease login to create content